BigQuery

BigQuery is a data warehouse from Google Cloud optimized for analytics workloads. Metaplane monitors the data within your BigQuery instance so you can be the first to know if potential data bugs.

Adding BigQuery source

To add a source, navigate to the Connections page and click the BigQuery button.

There are two ways of providing access to your BigQuery instance:

  1. Provide us with a service account that you manage in your Google Cloud account. This account should be provisioned with the following read-only roles:
  • bigquery.dataViewer
  • bigquery.jobUser
  • bigquery.readSessionUser

You'll need to provide us with the service account's email, JSON-formatted key, and the location of your BigQuery instance. You'll also need to provide a nickname (e.g., BigQuery Prod); a Metaplane-specific display name.

11781178
  1. Grant permissions to a Metaplane-provided service account. In this case, we'll create a service account for you within our Google Cloud account. Initially, this new service account won't have access your BigQuery instance so you'll have to grant it the appropriate roles.

When selecting this option you'll get prompted for a nickname (e.g. BigQuery Prod), your project_id, and region:

11791179

Granting permissions

Regardless of the option you choose, providing your own service account or using one of ours, the service account will need the appropriate read-only roles: bigquery.dataViewer (read data and metadata from dataset's tables), bigquery.jobUser (run queries), and bigquery.readSessionUser create and use read sessions).

The easiest way to grant these roles is through the Google Cloud Shell.

The commands are in the following format, replaced with your project_id and a service_account. You can copy, paste, and execute all three commands at once.

gcloud projects add-iam-policy-binding [[project_id]] \
--member [[service_account]] \
--role roles/bigquery.dataViewer

gcloud projects add-iam-policy-binding [[project_id]] \
--member [[service_account]] \
--role roles/bigquery.jobUser

gcloud projects add-iam-policy-binding [[project_id]] \
--member [[service_account]] \
--role roles/bigquery.readSessionUser

Whitelisted IPs

Metaplane will always connect to your data warehouse from these static IP addresses:

  • 52.22.202.169/32
  • 34.199.237.80/32
  • 54.227.153.130/32
  • 34.230.219.122/32
  • 44.197.96.121/32
  • 34.206.79.174/32
  • 107.22.42.246/32

What’s Next